I have always found it strange that the ACLU speaks with two voices when it comes to user empowerment as a response to government regulation of the Internet. That is, when responding to government efforts to regulate the Internet for online safety or speech purposes, the ACLU stresses personal responsibility and user empowerment as the first-order response. But as soon as the conversation switches to online advertising and data collection, the ACLU suggests that people are basically sheep who can’t possibly look out for themselves and, therefore, increased Internet regulation is essential. They’re not the only ones adopting this paradoxical position. In previous essays I’ve highlighted how both EFF and CDT do the same thing. But let me focus here on ACLU.
Writing today on the ACLU “Free Future” blog, ACLU senior policy analyst Jay Stanley cites a new paper that he says proves “the absurdity of the position that individuals who desire privacy must attempt to win a technological arms race with the multi-billion dollar internet-advertising industry.” The new study Stanley cites says that “advertisers are making it impossible to avoid online tracking” and that it isn’t paternalistic for government to intervene and regulate if the goal is to enhance user privacy choices. Stanley wholeheartedly agrees. In this and other posts, he and other ACLU analysts have endorsed greater government action to address this perceived threat on the grounds that, in essence, user empowerment cannot work when it comes to online privacy.
Again, this represents a very different position from the one that ACLU has staked out and brilliantly defended over the past 15 years when it comes to user empowerment as the proper and practical response to government regulation of objectionable online speech and pornography. For those not familiar, beginning in the mid-1990s, lawmakers started pursuing a number of new forms of Internet regulation — direct censorship and mandatory age verification were the primary methods of control — aimed at curbing objectionable online speech. In case after case, the ACLU rose up to rightly defend our online liberties against such government encroachment. (I was proud to have worked closely with many former ACLU officials in these battles.) Most notably, the ACLU pushed back against the Communications Decency Act of 1996 (CDA) and the Child Online Protection Act of 1998 (COPA) and they won landmark decisions for us in the process. Continue reading →
Yesterday POLITICO Pro said both political parties are on the verge of declaring support for some version of Internet freedom in their 2012 platforms. The Democratic platform contained a lengthy statement in 2008, but according to Politico, its 2012 platform will consist of a simple sentence about protecting the open Internet. Politico also noted that, though Republicans hardly mentioned the Internet in 2008, they are expected to consider several Internet proposals during their platform meeting early next week. Will the new Republican platform address Internet freedom? If so, what is the platform likely to say? Continue reading →
Last month, it was my great privilege to be invited to deliver some remarks at the University of Maine’s Center for Law and Innovation (CLI) as part of their annual “Privacy in Practice” conference. Rita Heimes and Andrew Clearwater of the CLI put together a terrific program that also featured privacy gurus Harriet Pearson, Chris Wolf, Omer Tene, Kris Klein and Trevor Hughes. [Click on their names to watch their presentations.] In my remarks, I presented a wide-ranging (sometimes rambling) overview of how privacy policy is unfolding here in the U.S. as compared to the European Union, and also offered a full-throated defense of America’s approach to privacy as compared to the model from the other side of the Atlantic that many now want us to adopt here in the U.S. I also identified the many interesting parallels between online child safety policy and privacy policy here in the U.S. and discussed how we can apply a similar toolbox of solutions to problems that arise in both contexts. If you’re interested, I’ve embedded my entire 20-minute speech below, but I encourage you to also check out the other speakers videos that the folks at the CLI have posted on their site here. And keep an eye on the Maine Center for Law and Innovation; it is an up and coming powerhouse in the field of cyberlaw and Internet policy.
There was an important article about online age verification in The New York Times yesterday entitled, “Verifying Ages Online Is a Daunting Task, Even for Experts.” It’s definitely worth a read since it reiterates the simple truth that online age verification is enormously complicated and hugely contentious (especially legally). It’s also worth reading since this issue might be getting hot again as Facebook considers allowing kids under 13 on its site.
Just five years ago, age verification was a red-hot tech policy issue. The rise of MySpace and social networking in general had sent many state AGs, other lawmakers, and some child safety groups into full-blown moral panic mode. Some wanted to ban social networks in schools and libraries (recall that a 2006 House measure proposing just that actually received 410 votes, although the measure died in the Senate), but mandatory online age verification for social networking sites was also receiving a lot of support. This generated much academic and press inquiry into the sensibility and practicality of mandatory age verification as an online safety strategy. Personally, I was spending almost all my time covering the issue between late 2006 and mid-2007. The title of one of my papers on the topic reflected the frustration many shared about the issue: “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”
Simply put, too many people were looking for an easy, silver-bullet solution to complicated problems regarding how kids get online and how to keep them safe once they get there. For a time, age verification became that silver bullet for those who felt that “we must do something” politically to address online safety concerns. Alas, mandatory age verification was no silver bullet. As I summarized in this 2009 white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” all previous research and task force reports looking into this issue have concluded that a diverse toolbox and a “layered approach” must be brought to bear on these problems. There are no simple fixes. Specifically, here’s what each of the major online child safety task forces that have been convened since 2000 had to say about the wisdom of mandatory age verification: Continue reading →
The world does not owe targeted advertising networks a business model, so I am agnostic about Microsoft’s decision to ship Internet Explorer 10 with “Do-Not-Track” enabled by default. Ryan Singel has a good write-up on Threat Level that covers many dimensions of the issue.
Decisions like this are never driven by a single motivation, but I’m interested in the likelihood that Microsoft made this choice hoping to drive a dagger into Google’s business model. To the extent it did, it’s a nice illustration of how competition among companies can serve consumers’ privacy preferences. There is some demand for privacy, though less than most regulatory types believe. Microsoft saw an angle to get some pro-privacy PR, improve consumers’ privacy by a small margin, and hamstring a competitor. You go, girl. Er, Microsoft.
Now, consumers aren’t falling over themselves for protection from the benign practice of tracking for the purpose of delivering targeted ads. I suspect that counter-punches from ad networks and Google will send the Do Not Track header into the dustbin of privacy history right along with P3P. The idea of putting a signal into the header that says “please do not track” is clumsy, to put it charitably.
If you want to avoid tracking, you can do that already. Use Tracking Protection Lists.
May 2012
TECHNOLOGY AND LIBERTY DIRECTOR
(Full-time)
The ACLU of Washington (ACLU-WA) seeks a self-motivated public policy advocate to lead its work to protect civil liberties in the face of society’s increasingly advanced technologies. The ACLU-WA’s staff of 30 employees and numerous volunteers work in a fast-paced, friendly and professional office in downtown Seattle. Continue reading →
This morning I spoke at a U.S. Chamber of Commerce event on “Responsible Data Uses: Benefits to Consumers, Businesses and the Economy.” In preparing for the event, I dusted off some old working notes for speeches I had delivered at other events about privacy policy and “big data” and expanded them a bit to account for recent policy developments. For what it’s worth, I figured I would post those notes here. (I apologize about the informality but I never write out my speeches, I just work from bullet points.)
—————–
Benefits of “Big Data”
- “big data” has numerous micro- and macroeconomic benefits
- Micro benefits:
- data aggregation of all varieties has powerful social and economic benefits that are sometimes invisible to consumers and citizens but are nonetheless enjoyed by them
- big data can positively impact the 3 key micro variables – quality, quantity & price – and benefit consumers / citizens in the process
- Macro benefits:
- Data is the lifeblood of the information economy and it has an increasing bearing on the global competitiveness of companies and countries
- In the old days, when we talked about comparative and competitive advantage, the focus was on natural resources, labor, and capital.
- Today, we increasingly talk about another variable: information
- Data is increasing one of the most important resources that can benefit economic growth, innovation, and the competitive advantage of firms and nations.
Privacy Concerns
- of course, “big data” also raises big privacy concerns for many groups and individuals
- this has led to calls for regulatory action and virtually all levels of government – federal, state, local, and international – are considering expanded controls on data collection and aggregation
Continue reading →
Andrew Orlowski of The Register (U.K.) recently posted a very interesting essay making the case for treating online copyright and privacy as essentially the same problem in need of the same solution: increased property rights. In his essay (“‘Don’t break the internet’: How an idiot’s slogan stole your privacy“), he argues that, “The absence of permissions on our personal data and the absence of permissions on digital copyright objects are two sides of the same coin. Economically and legally they’re an absence of property rights – and an insistence on preserving the internet as a childlike, utopian world, where nobody owns anything, or ever turns a request down. But as we’ve seen, you can build things like libraries with permissions too – and create new markets.” He argues that “no matter what law you pass, it won’t work unless there’s ownership attached to data, and you, as the individual, are the ultimate owner. From the basis of ownership, we can then agree what kind of rights are associated with the data – eg, the right to exclude people from it, the right to sell it or exchange it – and then build a permission-based world on top of that.”
And so, he concludes, we should set aside concerns about Internet regulation and information control and get down to the business of engineering solutions that would help us property-tize both intangible creations and intangible facts about ourselves to better shield our intellectual creations and our privacy in the information age. He builds on the thoughts of Mark Bide, a tech consultant:
For Bide, privacy and content markets are just a technical challenges that need to be addressed intelligently.”You can take two views,” he told me. “One is that every piece of information flowing around a network is a good thing, and we should know everything about everybody, and have no constraints on access to it all.” People who believe this, he added, tend to be inflexible – there is no half-way house. “The alternative view is that we can take the technology to make privacy and intellectual property work on the network. The function of copyright is to allow creators and people who invest in creation to define how it can be used. That’s the purpose of it. “So which way do we want to do it?” he asks. “Do we want to throw up our hands and do nothing? The workings of a civilised society need both privacy and creator’s rights.” But this a new way of thinking about things: it will be met with cognitive dissonance. Copyright activists who fight property rights on the internet and have never seen a copyright law they like, generally do like their privacy. They want to preserve it, and will support laws that do. But to succeed, they’ll need to argue for stronger property rights. They have yet to realise that their opponents in the copyright wars have been arguing for those too, for years. Both sides of the copyright “fight” actually need the same thing. This is odd, I said to Bide. How can he account for this irony? “Ah,” says Bide. “Privacy and copyright are two things nobody cares about unless it’s their own privacy, and their own copyright.”
These are important insights that get at a fundamental truth that all too many people ignore today: At root,
most information control efforts are related and solutions for one problem can often be used to address others. But there’s another insight that Orlowski ignores: Whether we are discussing copyright, privacy, online speech and child safety, or cybersecurity, all these efforts to control the free flow of digitized bits over decentralized global networks will be increasingly complex, costly, and riddled with myriad unintended consequences. Importantly, that is true whether you seek to control information flows through top-down administrative regulation or by assigning and enforcing property rights in intellectual creations or private information.
Let me elaborate a bit (and I apologize for the rambling mess of rant that follows).
The Federal Trade Commission (FTC) has just released its final privacy framework proposal, “Protecting Consumer Privacy in an Era of Rapid Change.” The agency released a draft report with the same title back in late 2010 and then asked for comments. [Here were my comments to the agency.] The FTC’s final report comes just a month after the Obama Administration released its 50-page privacy framework, Consumer Data Privacy in a Networked World, which included a privacy “bill of rights.” That report was primarily driven by the Department of Commerce. [I penned a Forbes column about that report the day it was released.] The new FTC report is fairly consistent with the earlier Commerce Department report. Here are some of the key themes or recommendations from the final FTC report:
- rooted in a set of baseline privacy principles with a strong push for “privacy by design,” more consumer choice, and better transparency.
- along with Dept of Commerce, the agency will work with industry to develop privacy codes of conduct and then give them teeth with possibility of FTC enforcement.
- pushes for industry to pursue voluntary “Do Not Track” mechanism, which to the agency apparently means “do not collect” any info.
- calls on Congress to pass data security legislation and legislation “to provide greater transparency for, and control over, the practices of information brokers.” Also, “to further increase transparency, the Commission calls on data brokers that compile data for marketing purposes to explore creating a centralized website where data brokers could (1) identify themselves to consumers and describe how they collect and use consumer data and (2) detail the access rights and other choices they provide with respect to the consumer data they maintain.”
- the agency will host a workshop later this year to discuss privacy withing “large platform providers.” The report notes: “To the extent that large platforms, such as Internet Service Providers, operating systems, browsers, and social media, seek to comprehensively track consumers’ online activities, it raises heightened privacy concerns.”
- the agency is also stepping up oversight on mobile privacy issues.
- the agency says it “generally supports the exploration of efforts to develop additional mechanisms, such as the ‘eraser button’ for social media,” but stops short of saying it should be mandated at this time.
Some of my initial random thoughts about the FTC report: Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.